Errata ID: AXSA:2021-1374:01

Release date: Wednesday, February 3, 2021 - 07:03
Affected Channels: Asianux Server 7 for x86_64

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)

* glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

* glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers

* glibc: Performance regression in ebizzy benchmark

CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2020-10029: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
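
Both long double issues above depend on a non-canonical 80-bit encoding, where the explicit integer bit disagrees with the exponent. As an added example (not part of this advisory and not glibc code), the following C program classifies a raw 10-byte x86 extended value and rejects non-canonical ones before they are used as a long double; all function and array names are hypothetical, and the byte order used for the sinl constant is an assumption.

```c
#include <float.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ld80_class { LD80_CANONICAL, LD80_PSEUDO_DENORMAL, LD80_UNNORMAL, LD80_PSEUDO_NAN_INF };

/* Inputs in x86 memory order (little-endian). The sprintf bytes are as the page
   gives them; the sinl bytes assume the page's hex constant is the 80-bit value
   written most significant byte first. ld80_one is a constructed 1.0L. */
static const unsigned char page_sprintf_bytes[10] = {0x00,0x04,0,0,0,0,0,0,0x00,0x04};
static const unsigned char page_sinl_bytes[10] = {0x00,0x00,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x5d};
static const unsigned char ld80_one[10] = {0,0,0,0,0,0,0,0x80,0xff,0x3f};

/* Bytes 0-7: significand (bit 63 = integer bit). Bytes 8-9: sign + 15-bit exponent. */
enum ld80_class ld80_classify(const unsigned char b[10])
{
    uint64_t sig = 0;
    for (int i = 7; i >= 0; i--)
        sig = (sig << 8) | b[i];
    unsigned exp = (((unsigned)b[9] << 8) | b[8]) & 0x7fffu;
    bool int_bit = (sig >> 63) != 0;
    if (exp == 0)   /* zero and denormals must have the integer bit clear */
        return int_bit ? LD80_PSEUDO_DENORMAL : LD80_CANONICAL;
    if (int_bit)    /* normals, infinities and NaNs must have it set */
        return LD80_CANONICAL;
    return exp == 0x7fffu ? LD80_PSEUDO_NAN_INF : LD80_UNNORMAL;
}

/* Gate for untrusted input: fill *out only for a canonical encoding, and only
   when the host long double really has a 64-bit significand (x86 assumed). */
bool ld80_load_checked(const unsigned char b[10], long double *out)
{
    if (LDBL_MANT_DIG != 64 || ld80_classify(b) != LD80_CANONICAL)
        return false;
    *out = 0.0L;    /* give the padding bytes a defined value */
    memcpy(out, b, 10);
    return true;
}

int main(void)
{
    const unsigned char *in[] = {page_sprintf_bytes, page_sinl_bytes, ld80_one};
    long double v;
    for (int i = 0; i < 3; i++)
        printf("input %d: class %d, accepted %d\n", i, (int)ld80_classify(in[i]), (int)ld80_load_checked(in[i], &v));
    return 0;
}
```

A check like this only matters where a program builds long double values from untrusted binary data; installing the updated packages listed below is the fix.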


Update packages.

  1. glibc-2.17-322.el7.src.rpm
    MD5: 3b1c5c527e393d941a046dc762e40e39
    SHA-256: dc26fb4d46155b75070a2f8787a00980a15369c871b5681241c5440d59ae9abb
    Size: 25.19 MB

Asianux Server 7 for x86_64
  1. glibc-2.17-322.el7.x86_64.rpm
    MD5: 544fa8923629124eb4489e55bc2cae0b
    SHA-256: 8c6a734fb3b26325d57dd71f103ba2fa10082496332ae9470fc5d471afd5b926
    Size: 3.64 MB
  2. glibc-common-2.17-322.el7.x86_64.rpm
    MD5: 2d47135cf916b78f26b8fbc1d8898d2e
    SHA-256: 39d757cadd4a3533cee6868e75bbd64d61d6320a1c2ab05160ff993fe48727b9
    Size: 11.50 MB
  3. glibc-devel-2.17-322.el7.x86_64.rpm
    MD5: e8a7f1257b7a59859f7e44fdf85a3787
    SHA-256: 12239d39432edbfe0c0a8ae79d5b230e888440836876199cfcd625ec10c67ef9
    Size: 1.07 MB
  4. glibc-headers-2.17-322.el7.x86_64.rpm
    MD5: 4e019c58b8e41115c87df187bce46699
    SHA-256: 56ffcde49dfe40fa7a0a6cc40a5dc693493555d3aca2985dccd39523153b48f0
    Size: 689.51 kB
  5. glibc-utils-2.17-322.el7.x86_64.rpm
    MD5: 67f5e44141f9fc3e31b1a11e44c80851
    SHA-256: 80d5f00b900ec88cda0d8bdb192124bf88810a889ad7b3b713e4fb229725d3f0
    Size: 227.89 kB
  6. nscd-2.17-322.el7.x86_64.rpm
    MD5: c7fc4e4025cb576c8ef433a3f1b06248
    SHA-256: 304d33c6333fb4bed6a02c2795d4295ba63830d140db7441f49010026fe1e53b
    Size: 287.36 kB
  7. glibc-2.17-322.el7.i686.rpm
    MD5: 5268be6016f5d6aa54a6a3d434f17037
    SHA-256: 1f66b7ec31e928b980fa7a66e01d772391f101b37663ded45ebd73bae6a49574
    Size: 4.26 MB
  8. glibc-devel-2.17-322.el7.i686.rpm
    MD5: 6d51b3b24493cd5728a0b7f96531345b
    SHA-256: 0ba07e942528c4d3252b1a80630b625743eb720b06f09a74a0673278db6c800e
    Size: 1.08 MB